Senior Engineer, Cybersecurity Program & Risk

The SPLC is seeking a Senior Engineer of Cybersecurity Program & Risk who is passionate about social justice!

The Cybersecurity Program & Risk Senior Engineer is responsible for developing, implementing, and maintaining the organization's cybersecurity program aligned with the NIST Cybersecurity Framework (CSF) 2.0. This position manages cybersecurity policies and procedures, facilitates risk and business impact workshops with business stakeholders, manages third-party security vendors, and coordinates incident response and business continuity planning. The role validates program effectiveness through external penetration testing and maturity metrics, ensuring the organizations cyber posture is continuously improved.

This position does not include supervisory responsibilities but requires strong cross-functional collaboration with IT, business leaders, and external partners and may provide mentorship to more junior level staff.

Who You Are:

- Cybersecurity expert with hands-on experience designing, operating, and maturing enterprise security programs that align controls and practices to NIST CSF 2.0 and Zero Trust Architecture principles.
- Experienced in enterprise risk management, threat modeling and adversary analysis using frameworks such as MITRE ATT&CK and Microsoft STRIDE.
- Comfortable managing vendors, MSSPs, penetration testing engagements, and third-party security reviews.
- Proactive, data-driven and metrics-focused collaborator with the ability to translate technical risk into business-focused reporting.
- Analytical mindset capable of examining processes and focusing on risk mitigation.

What You'll Do:

- Develop, maintain, and enforce organizational cybersecurity policies, standards, and procedures.
- Align cybersecurity practices and controls with NIST CSF 2.0 and Zero Trust Architecture maturity goals.
- Facilitate business impact analyses and risk assessment workshops with stakeholders.
- Maintain and track the enterprise cyber risk register.
- Coordinate external penetration tests and other independent assessments.
- Manage day-to-day aspects of security vendor business relationships.
- Oversee cybersecurity awareness and phishing testing program.
- Maintain and update incident response and business continuity planning playbooks.
- Plan and coordinate tabletop exercises across IT and business units.
- Develop cybersecurity dashboards and maturity metrics.

Minimum Qualifications:

- Minimum 5 years of cybersecurity engineering governance, risk and compliance and vendor oversight.
- One or more of the following certifications required: CISSP, CISM, CRISC, CISA, or equivalent.
- High school diploma or GED.

Compensation & Benefits:
This is an exempt role, and the minimum starting salary is $112,286 annually. Salary will be commensurate with experience.

Where & How You'll Work:
- Local Remote: Will work remotely but is expected to attend work-related activities at SPLC offices or in the states in which the SPLC operates.
- Telework: Will work at an SPLC office at least three days per week and may work two days per week from an alternative work location.
- This position will report to the Director, Cybersecurity.

Locations: Atlanta, GA; Montgomery, AL

This position is represented by the Washington-Baltimore News Guild.